RFI Flashcards

1
Q

DREAD

A

Quantifying risk per threat by rating Damage, Reproducibility, Exploitability, Affected users, and Discoverability

2
Q

Integrity protection encompasses…

A

more than just data: also the OS, applications, and hardware

3
Q

DREAD + STRIDE

A

Threat modeling techniques (STRIDE classifies threats, DREAD rates them)

4
Q

Categories of security investigations (3)

A

Public, Private, Individual

5
Q

Linux file system that supports journaling

A

EXT4

6
Q

Journaling file system consequence

A

Extra writes (journal plus data), so more wear on the drive

7
Q

Each process starts with…

A

A single thread, which can create more threads

8
Q

A Windows job is…

A

A group of processes

9
Q

Is a Signature ID an artifact of IPS/IDS events?

A

Yes

10
Q

Netflow templates provide

A

Extensibility with backward compatibility: the exporter sends a template describing each record layout, so new fields can be added without breaking existing collectors

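Cards 10 and 14 rest on the same mechanism: a NetFlow v9 exporter sends template FlowSets (ID 0) that describe the layout of its data FlowSets (ID 256 and up), and IPFIX keeps that design. The following is an added example and not part of this deck: a small v9 encoder and decoder in Python that builds a constructed template packet and data packet, then shows that a data FlowSet arriving before its template cannot be decoded and is skipped. The field type IDs are the standard v9 ones; the addresses, ports, counters and source ID are made up.

```python
"""NetFlow v9 template mechanism: the template FlowSet (ID 0) tells the
collector how to decode each data FlowSet (ID >= 256). Constructed example."""
import ipaddress
import struct

# Standard NetFlow v9 field type IDs (RFC 3954); only the subset used here.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}
ADDR_FIELDS = {8, 12}

# Constructed sample template (ID 256) and two made-up flow records that use it.
SAMPLE_FIELDS = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
SAMPLE_ROWS = [("10.0.0.5", "192.0.2.10", 51514, 443, 6, 48213, 61),
               ("10.0.0.7", "198.51.100.53", 40123, 53, 17, 8800, 40)]


def template_flowset(template_id, fields):
    """FlowSet ID 0 carrying one template: ID, field count, (type, length) pairs."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    return struct.pack("!HH", 0, 4 + len(body)) + body


def data_flowset(template_id, fields, rows):
    """Data FlowSet: records packed exactly as the template says, padded to 4 bytes."""
    body = b""
    for row in rows:
        for (ftype, flen), value in zip(fields, row):
            body += (ipaddress.IPv4Address(value).packed if ftype in ADDR_FIELDS
                     else int(value).to_bytes(flen, "big"))
    body += b"\x00" * ((-len(body)) % 4)
    return struct.pack("!HH", template_id, 4 + len(body)) + body


def v9_packet(flowsets, record_count, seq, source_id=1):
    """20-byte export header: version, count, sysuptime, unix secs, sequence, source ID."""
    hdr = struct.pack("!HHIIII", 9, record_count, 123456, 1700000000, seq, source_id)
    return hdr + b"".join(flowsets)


def sample_packets():
    """A template-only packet and a data-only packet, as an exporter would send them."""
    tpl = v9_packet([template_flowset(256, SAMPLE_FIELDS)], 1, seq=1)
    data = v9_packet([data_flowset(256, SAMPLE_FIELDS, SAMPLE_ROWS)], 2, seq=2)
    return tpl, data


def parse_v9(packet, templates):
    """Decode one export packet. `templates` is the collector's cache keyed by
    (source ID, template ID); it persists across packets, which is the point:
    a data FlowSet whose template has not been seen yet is skipped, not decoded."""
    version, _count, _up, _secs, _seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version {version})")
    records, off = [], 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad FlowSet length")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:                                   # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                if tid < 256:                            # reached zero padding
                    break
                pos += 4
                fields = [struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4])
                          for i in range(nfields)]
                pos += 4 * nfields
                templates[(source_id, tid)] = fields
        elif fs_id >= 256:                               # data FlowSet
            fields = templates.get((source_id, fs_id))
            rec_len = sum(n for _, n in fields) if fields else 0
            pos = 0
            while rec_len and pos + rec_len <= len(body):   # trailing padding < rec_len
                rec = {}
                for ftype, flen in fields:
                    raw = body[pos:pos + flen]
                    pos += flen
                    name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                    rec[name] = (str(ipaddress.IPv4Address(raw))
                                 if ftype in ADDR_FIELDS and flen == 4
                                 else int.from_bytes(raw, "big"))
                records.append(rec)
        off += fs_len
    return records


if __name__ == "__main__":
    cache = {}
    tpl_pkt, data_pkt = sample_packets()
    print("data before template:", parse_v9(data_pkt, cache))   # []
    parse_v9(tpl_pkt, cache)
    print("data after template:", parse_v9(data_pkt, cache))    # two decoded records
```

Options templates (FlowSet ID 1) are not handled here; a real collector also has to expire templates and re-learn them when the exporter restarts, which is why exporters resend templates periodically.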
11
Q

IPFIX uses which protocol

A

SCTP (the mandatory transport in RFC 7011; UDP and TCP are optional)

12
Q

SILK, ELK, Graylog

A

Can be used for Netflow analysis

13
Q

Netflow cache types (3)

A

Normal, Immediate, Permanent

14
Q

IPFIX based on which version of netflow

A

NetFlow version 9

15
Q

Incident Prioritization part of which phase of IR process

A

Detection and Analysis

16
Q

Cisco ATA

17
Q

PSIRT

A

Product Security Incident Response Team: a vendor's CSIRT for its own products

18
Q

E-PHI

A

Electronic Protected Health Information (HIPAA)

19
Q

Deterministic analysis

A

You know and obtain facts about an incident

20
Q

Activity attack graph useful for…

A

Highlighting an attacker's preferences and alternative attack paths

21
Q

First step in a forensic exercise

A

Collect and secure evidence

22
Q

Syslog port

23
Q

VERIS stands for

A

Vocabulary for Event Recording and Information Sharing

24
Q

How many people should know about a cyber crime investigation?

A

As few people as possible

25
Q

Resident data

A

Data of very small files, stored inside the file's own MFT record
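Card 25 says the data of very small files lives inside the MFT record itself. The following is an added example and not part of this deck: Python that builds two constructed NTFS FILE records, one with a resident $DATA attribute and one non-resident, applies the update-sequence fixup the way the driver does, and parses them back. The record and attribute layouts follow the published NTFS on-disk format; the file content, record numbers and data run are made up.

```python
"""NTFS MFT record parsing: a resident $DATA attribute carries the file's content
inside the 1024-byte FILE record itself. Records below are constructed here."""
import struct

RECORD_SIZE, SECTOR = 1024, 512
ATTR_NAMES = {0x10: "$STANDARD_INFORMATION", 0x30: "$FILE_NAME", 0x80: "$DATA"}


def resident_attr(atype, content):
    """Unnamed resident attribute: 16-byte common header, 8-byte resident header, content."""
    content_off = 0x18
    total = (content_off + len(content) + 7) & ~7            # attributes are 8-byte aligned
    hdr = struct.pack("<IIBBHHH", atype, total, 0, 0, content_off, 0, 0)
    hdr += struct.pack("<IHBB", len(content), content_off, 0, 0)
    return (hdr + content).ljust(total, b"\x00")


def nonresident_attr(atype, real_size, clusters, data_runs, cluster_size=4096):
    """Unnamed non-resident attribute: content lives in the clusters named by the data runs."""
    total = (0x40 + len(data_runs) + 7) & ~7
    hdr = struct.pack("<IIBBHHH", atype, total, 1, 0, 0x40, 0, 0)
    hdr += struct.pack("<QQHHIQQQ", 0, clusters - 1, 0x40, 0, 0,
                       clusters * cluster_size, real_size, real_size)
    return (hdr + data_runs).ljust(total, b"\x00")


def mft_record(record_no, attrs):
    """Build a FILE record and apply the update-sequence fixup like the driver does."""
    usa_off, usa_count, first_attr = 0x30, 1 + RECORD_SIZE // SECTOR, 0x38
    body = b"".join(attrs) + b"\xff\xff\xff\xff\x00\x00\x00\x00"   # end-of-attributes marker
    hdr = b"FILE" + struct.pack("<HHQHHHHIIQHHI", usa_off, usa_count, 0, 1, 1, first_attr,
                                0x01, first_attr + len(body), RECORD_SIZE, 0, len(attrs), 0,
                                record_no)
    rec = bytearray((hdr.ljust(first_attr, b"\x00") + body).ljust(RECORD_SIZE, b"\x00"))
    usn = 0x0102                                             # update sequence number (made up)
    struct.pack_into("<H", rec, usa_off, usn)
    for i in range(1, usa_count):                            # save each sector's last word, stamp USN
        end = i * SECTOR - 2
        rec[usa_off + 2 * i:usa_off + 2 * i + 2] = rec[end:end + 2]
        struct.pack_into("<H", rec, end, usn)
    return bytes(rec)


def undo_fixup(raw):
    """Restore the sector-end words; a mismatched USN means a torn write or corruption."""
    rec = bytearray(raw)
    usa_off, usa_count = struct.unpack_from("<HH", rec, 4)
    usn = rec[usa_off:usa_off + 2]
    for i in range(1, usa_count):
        end = i * SECTOR - 2
        if rec[end:end + 2] != usn:
            raise ValueError(f"fixup mismatch in sector {i}")
        rec[end:end + 2] = rec[usa_off + 2 * i:usa_off + 2 * i + 2]
    return bytes(rec)


def parse_record(raw):
    """Walk the attribute list; report residency, size and (if resident) the content."""
    if raw[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    rec = undo_fixup(raw)
    off = struct.unpack_from("<H", rec, 0x14)[0]             # offset of first attribute
    attrs = []
    while off + 8 <= len(rec):
        atype, length = struct.unpack_from("<II", rec, off)
        if atype == 0xFFFFFFFF:
            break
        if length < 0x18 or off + length > len(rec):
            raise ValueError("bad attribute length")
        nonres = rec[off + 8]
        entry = {"type": ATTR_NAMES.get(atype, hex(atype)), "resident": nonres == 0}
        if nonres == 0:
            size, coff = struct.unpack_from("<IH", rec, off + 0x10)
            entry["size"] = size
            entry["content"] = rec[off + coff:off + coff + size]   # data is right here
        else:
            entry["size"] = struct.unpack_from("<Q", rec, off + 0x30)[0]   # real (logical) size
        attrs.append(entry)
        off += length
    return attrs


def sample_records():
    """Two constructed records: a tiny file (resident $DATA) and a large one (non-resident)."""
    std_info = resident_attr(0x10, b"\x00" * 48)
    small = mft_record(40, [std_info, resident_attr(0x80, b"api_key=EXAMPLE-ONLY\n")])
    large = mft_record(41, [std_info, nonresident_attr(0x80, 20000, 5, b"\x21\x05\x00\x10\x00")])
    return small, large


if __name__ == "__main__":
    for rec in sample_records():
        print(parse_record(rec))
```

Forensically this is why deleted small files and old versions of them can be recovered from $MFT alone: the content never touched a data cluster. Parsing a raw record without undoing the fixup silently corrupts two bytes per sector, so the USN check comes first.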
26
Q

Cisco Adaptive Security Device Manager (ASDM)

A

GUI for managing Cisco ASA firewall rules and configuration
27
Q

DNScapy and DNSCAT2

A

DNS tunneling tools
28
Q

Goal of a security awareness program

A

Provide an understanding of risk and exposure
29
Q

What systems must be scanned for PCI DSS compliance?

A

All systems on the isolated PCI (cardholder data) network
30
Q

Journaling file systems

A

EXT3, EXT4, NTFS
31
Q

Identifying attacking hosts is part of which IR phase?

A

Containment, Eradication, and Recovery
32
Q

CVSS Temporal score categories

A

Exploit Code Maturity, Remediation Level, Report Confidence
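Card 32 lists the three temporal metrics; what a practitioner usually wants is how they move the score. The following is an added example and not part of this deck: a CVSS v3.1 temporal score calculator in Python using the published v3.1 metric weights and the specification's integer-based Roundup, plus a helper that pulls E/RL/RC out of a vector string. The base scores and vectors used in the usage are made up.

```python
"""CVSS v3.1 temporal score: base score scaled by the three temporal metrics
and rounded up to one decimal. Metric weights are the published v3.1 values."""

# Metric values from the CVSS v3.1 specification; "X" (not defined) weighs 1.0.
EXPLOIT_CODE_MATURITY = {"X": 1.0, "H": 1.0, "F": 0.97, "P": 0.94, "U": 0.91}
REMEDIATION_LEVEL = {"X": 1.0, "U": 1.0, "W": 0.97, "T": 0.96, "O": 0.95}
REPORT_CONFIDENCE = {"X": 1.0, "C": 1.0, "R": 0.96, "U": 0.92}


def roundup(value):
    """CVSS v3.1 Roundup: smallest one-decimal number >= value, computed in
    integers so that e.g. 4.0000001 from float error does not become 4.1."""
    int_input = round(value * 100000)
    if int_input % 10000 == 0:
        return int_input / 100000.0
    return (int_input // 10000 + 1) / 10.0


def temporal_score(base, e="X", rl="X", rc="X"):
    """Temporal = Roundup(Base x ExploitCodeMaturity x RemediationLevel x ReportConfidence)."""
    if not 0.0 <= base <= 10.0:
        raise ValueError("base score must be between 0.0 and 10.0")
    return roundup(base * EXPLOIT_CODE_MATURITY[e] * REMEDIATION_LEVEL[rl] * REPORT_CONFIDENCE[rc])


def temporal_from_vector(base, vector):
    """Pull E/RL/RC out of a v3.1 vector string; metrics not present count as X."""
    metrics = {"E": "X", "RL": "X", "RC": "X"}
    for part in vector.split("/"):
        key, _, val = part.partition(":")
        if key in metrics:
            metrics[key] = val
    return temporal_score(base, metrics["E"], metrics["RL"], metrics["RC"])


if __name__ == "__main__":
    # Constructed case: critical base 9.8, proof-of-concept exploit, official fix, confirmed.
    print(temporal_score(9.8, e="P", rl="O", rc="C"))
    # Same three metrics taken from a full (made-up) vector string.
    print(temporal_from_vector(7.5, "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:T/RC:R"))
```

Temporal metrics can only lower the score, never raise it, and the environmental score builds on the same multipliers; for triage the interesting movement is from E:U to E:F or E:H when public exploit code appears.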
33
Q

PCI DSS compliance scan frequency

A

Quarterly (and after any significant change)
34
Q

SenderBase capabilities

A

Reputation of web and email servers; threat ratings of known hosts; sources sending malware
35
Q

Activity threads

A

Relationships between multiple diamonds in the Diamond Model
36
Q

BDA strategy

A

Defense strategy mapped onto the kill chain: controls for Before, During, and After an attack (Cisco's attack-continuum model)